From 83d4517f3341d7c411b0456ce7de1bd7deb0b679 Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Thu, 7 Apr 2011 00:01:07 +0200
Subject: use filter better later

---
 src/django_co_connector/models.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/django_co_connector/models.py b/src/django_co_connector/models.py
index c21bdfd..5832b88 100644
--- a/src/django_co_connector/models.py
+++ b/src/django_co_connector/models.py
@@ -53,11 +53,9 @@ def deny(object,group,permission):
 def can(object,user,permission):
     if not hasattr(object,'acl'):
         raise Exception,"no acl property"
-        
-    for ace in object.acl:
-        if ace.permission == permission and not ace.group:
-            return True
-        if ace.permission == permission and ace.group in user.groups:
+    # XXX use more sql here
+    for ace in object.acl.filter(permission=permission):
+        if not ace.group or ace.group in user.groups:
             return True
             
     return False
-- 
cgit v1.1